Contents
Configuring Apache
Understanding SSL and Server Certificates
Obtaining a Certificate from a Certification Authority
Summary
Completing the Initial Mailman Configuration
Modifying a Mailing List’s Configuration
Performing Common Mailman Administrative Tasks
Summary
Improving the Performance of DNS Clients
Logging
Summary
Part Four: System Administration
Chapter 26: Keeping Your System Updated with up2date
Accessing the Red Hat Network with a Web Browser
Summary
Determining Whether to Upgrade to a New Kernel
Verifying and Unpacking the Archive
Selecting a Kernel Configuration File
Configuring the Kernel with xconfig
Configuring the Kernel with menuconfig
ATA/ATAPI/MFM/RLL Support
Input Device Support
Pseudo-File-Systems
Summary
Chapter 28: Configuring the System at the Command Line
Administrating Your System from the Command Line
Creating and Manipulating Partitions
Creating and Manipulating File Systems
Timekeeping
Running Regularly Scheduled Jobs with cron
Summary
Chapter 29: Administering Users and Groups
Modifying Multiple Accounts Simultaneously
Viewing Login and Process Information
Administering Users and Groups with User Manager
Modifying and Deleting User Accounts
Modifying and Deleting Group Accounts
Deciphering Sudo’s Configuration File
Summary
Chapter 30: Installing and Upgrading Software Packages
Removing RPMs
Building Packages Using Source RPMs
Using Third-Party Sites to Find RPMs
Installing Software from Source
Summary
Chapter 31: Backing Up and Restoring the File System
Memory Usage as Seen by Users and Processes
Summary
Part Five: System Security and Problem Solving
Mandatory and Role-Based Access Control
Finding More Information about SELinux
Summary
Installing, Configuring, and Using LDAP
Overview of LDAP Directory Organization
Core OpenLDAP Server Files, Daemons, and Utilities
Configuring and Starting an OpenLDAP Server
Using OpenLDAP for System Authentication
Adding User, Password, and Group
Updating Client Systems to Use LDAP Authentication
Installing, Configuring, and Using Kerberos
Kerberos Terminology, Machine Roles, and Reliability
Installing and Configuring a Kerberos Server
Enabling Kerberos Clients and Applications
Using Kerberos for Login Authentication
Summary
Step 4: Determine the Most Likely Cause
CD-ROM Drive Not Detected during Installation
CD-ROM Drive Does Not Mount after Installation
Sound Does Not Work after Installation
Accessing Windows File Systems
Avoiding File System Checks at Each System Reboot
Using Screensavers and Power Management
Summary
Using Wildcards and Special Characters
Conditional Execution Using if Statements
Determinate Loops Using the for Statement
Indeterminate Loops Using while and until Statements
Selection Structures Using case and select Statements
Summary
Part One: System and Network Administration Defined
Chapter 1: Duties of the System Administrator
Chapter 2: Planning the Network
Chapter 3: Standard Installation
Chapter 4: Kickstart Installation
Chapter 5: Exploring the Desktops
Chapter 6: System Startup and Shutdown
Chapter 7: The File System Explained
Chapter 8: Examining the System Configuration Files
Chapter 1: Duties of the System Administrator
IN THIS CHAPTER
■■ The Linux System Administrator
■■ Installing and Configuring Servers
■■ Installing and Configuring Application Software
■■ Creating and Maintaining User Accounts
■■ Backing Up and Restoring Files
■■ Monitoring and Tuning Performance
■■ Configuring a Secure System
■■ Using Tools to Monitor Security
Linux is a multiuser, multitasking operating system from the ground up. In this regard the system administrator has flexibility — and responsibility — far beyond those of other operating systems. Red Hat has employed innovations that extend these duties even for the experienced Linux user. This chapter briefly looks at those responsibilities, which are covered in more detail in later chapters.
The Linux System Administrator
Using Linux involves much more than merely sitting down and turning on the machine. Often you hear talk of a “steep learning curve” but that discouraging phrase can be misleading. Linux is quite different from the most popular commercial operating systems in a number of ways. While it is no more difficult to learn than other operating systems are, it is likely to seem very strange even to the experienced administrator of other systems. In addition, the sophistication of a number of parts of the Red Hat distribution has increased by an order of magnitude, so even an experienced Linux administrator is likely to find much that is new and unfamiliar. Fortunately, there are new tools designed to make system administration easier than ever before.
Make no mistake: Every computer in the world has a system administrator. It may be — and probably is — true that the majority of system administrators are those who decided what software and peripherals were bundled with the machine when it was shipped. That status quo remains because the majority of users who acquire computers for use as appliances probably do little to change the default values. But the minute a user decides on a different wallpaper image or adds an application that was acquired apart from the machine itself, he or she has taken on the role of system administration.
The highfalutin’ title of system administrator brings with it some responsibilities. No one whose computer is connected to the Internet, for instance, has been immune to the effects of poorly administered systems, as demonstrated by the distributed denial of service (DDoS) and email macro virus attacks that have shaken the online world in recent years. The scope of these acts of computer vandalism (in some cases, computer larceny) would have been greatly reduced if system administrators had a better understanding of their duties.
Linux system administrators are likely to understand the necessity of active system administration more than those who run whatever came on the computer, assuming that things came properly configured from the factory. The user or enterprise that decides on Linux has decided, also, to assume the control that Linux offers, and the responsibilities that this entails.
By its very nature as a modern, multiuser operating system, Linux requires a degree of administration greater than that of less robust, home-market systems. This means that even if you use just a single machine connected to the Internet by a dial-up modem — or not even connected at all — you have the benefits of the same system employed by some of the largest businesses in the world, and will do many of the same things that IT professionals employed by those companies are paid to do. Administering your system does involve a degree of learning, but it also means that in setting up and configuring your own system you gain skills and understanding that raise you above mere “computer user” status. The Linux system administrator does not achieve that mantle by purchasing a computer but by taking full control of what the computer does and how it does it.
You may end up configuring a small home or small office network of two or more machines, perhaps including ones that are not running Linux. You may be responsible for a business network of dozens of machines. The nature of system administration in Linux is surprisingly constant, no matter how large or small your installation. It merely involves enabling and configuring features you already have available.
By definition, the Linux system administrator is the person who has “root” access, which is to say the one who is the system’s “superuser” (or root user). A standard Linux user is limited to whatever he or she can do with the underlying engine of the system. But the root user has unfettered access to everything — all user accounts, their home directories, and the files therein; all system configurations; and all files on the system. A certain body of thought says that no one should ever log in as “root,” because system administration tasks can be performed more easily and safely through other, more specific means, which we discuss in due course. Because the system administrator has full system privileges, your first duty is to know what you’re doing, lest you break something.
NOTE: By definition, the Linux system administrator can be anyone who has “root” access — anyone who has root access is the system’s “superuser.”
The word duty implies a degree of drudgery; in fact, it’s a manifestation of the tremendous flexibility of the system measured against the responsibility to run a tight organization. These duties do not so much constrain you, the system administrator, as free you to match the job to the task. Let’s take a brief look at them.
Installing and Configuring Servers
When you hear the word server to describe a computer, you probably think of a computer that offers some type of service to clients. The server may provide file or printer sharing, File Transfer Protocol (FTP) or Web access, or email-processing tasks. Don’t think of a server as a standalone workstation; think of it as a computer that specifically performs these services for many users.
In the Linux world, the word server has a broader meaning than what you might be used to. For instance, the standard Red Hat graphical user interface (GUI) requires a graphical layer called XFree86. This is a server. It runs even on a standalone machine with one user account. It must be configured. (Fortunately, Red Hat has made this a simple and painless part of installation on all but the most obscure combinations of video card and monitor; gone are the days of anguish as you configure a graphical desktop.)
Likewise, printing in Linux takes place only after you configure a print server. Again, this has become so easy as to be nearly trivial.
In certain areas the client-server nomenclature can be confusing, though. While you cannot have a graphical desktop without an X server, you can have remote Web access without running a local Web server, remote FTP access without running a local FTP server, and email capabilities without ever starting a local mail server. You may well want to use these servers, all of which are included in Red Hat; then again, maybe not. Whenever a server is connected to other machines outside your physical control, there are security implications to consider. You want your users to have easy access to the things they need, but you don’t want to open up the system you’re administering to the whole wide world.
NOTE: Whenever a server is connected to machines outside your physical control, security issues arise. You want users to have easy access to the things they need but you don’t want to open up the system you’re administering to the whole wide world.
Linux distributions used to ship with all imaginable servers turned on by default. Just installing the operating system on the computer would install and configure — with default parameters — all the services available with the distribution. This was a reflection of an earlier, more innocent era in computing when people did not consider vandalizing other people’s machines to be good sportsmanship. Unfortunately, the realities of this modern, more dangerous world dictate that all but the most essential servers remain turned off unless specifically enabled and configured. This duty falls to the system administrator. You need to know exactly which servers you need and how to employ them, and to be aware that it is bad practice and a potential security nightmare to enable services that the system isn’t using and doesn’t need. Fortunately, the following pages show you how to carry out this aspect of system administration easily and efficiently.
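One way to check a host against the "only the servers you need" rule, as an added example that is not from the book: the script reads output in the layout printed by `chkconfig --list` and reports every service that starts at boot but is not on an allowlist. The sample listing is constructed, and the allowlist and the function name `unexpected_services` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list services enabled at boot that are not on an allowlist.

# Constructed sample in the layout printed by `chkconfig --list`.
SAMPLE='crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        rsync:          off
        telnet:         on'

# Assumed policy for this host: only these services should start at boot.
ALLOWED="crond sshd"

# unexpected_services RUNLEVEL "ALLOWED NAMES"
# Reads chkconfig-style output on stdin and prints, sorted, every service
# that is on in RUNLEVEL (or on under xinetd) and is not in the allowlist.
unexpected_services() {
    awk -v rl="$1" -v allow="$2" '
        BEGIN {
            n = split(allow, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        # SysV init line: service name, then 0:state through 6:state.
        NF == 8 && $2 ~ /^0:/ {
            if ($(rl + 2) == (rl ":on") && !($1 in ok)) print $1
            next
        }
        # xinetd-managed line: "name:  on" or "name:  off".
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = substr($1, 1, length($1) - 1)
            if (!(name in ok)) print name
        }
    ' | sort
}

# On a live system: chkconfig --list | unexpected_services 3 "$ALLOWED"
printf '%s\n' "$SAMPLE" | unexpected_services 3 "$ALLOWED"
```

Each name printed is a service to either justify and add to the allowlist or turn off.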
Installing and Configuring Application Software
Although it is possible for individual users to install some applications in their home directories — drive space set aside for their own files and customizations — these applications may not be available to other users without the intervention of the user who installed the program or the system administrator. Besides, if an application is to be used by more than one user, it probably needs to be installed higher up in the Linux file hierarchy, which is a job that only the system administrator can perform. (The administrator can even decide which users may use which applications by creating a “group” for that application and enrolling individual users in that group.)
New software packages might be installed in /opt if they are likely to be upgraded separately from the Red Hat distribution itself. Doing this makes it simple to retain the old version until you are certain that the new version works and meets your expectations. Some packages may need to go in /usr/src or even /usr if they are upgrades of packages installed as part of Red Hat. (For instance, there are sometimes security upgrades of existing packages.) The location of the installation usually matters only if you compile the application from source code; if you use a Red Hat Package Manager (RPM) application package, it automatically goes where it should.
Configuration and customization of applications is to some extent at the user’s discretion, but not entirely. “Skeleton” configurations — administrator-determined default configurations — set the baseline for user employment of applications. If there are particular forms, for example, that are used throughout an enterprise, the system administrator would set them up or at least make them available by adding them to the skeleton configuration. The same applies to configuring user desktops and in even deciding what applications should appear on user desktop menus. For instance, your company may not want to grant users access to the games that ship with modern Linux desktops. You may also want to add menu items for newly installed or custom applications. The system administrator brings all this to pass.
Creating and Maintaining User Accounts
Not just anyone can show up and log on to a Linux machine. An account must be created for each user and — you guessed it — no one but the system administrator can do this. That’s simple enough.
But there’s more. It involves decisions that either you or your company must make. You might want to let users select their own passwords, which would no doubt make them easier to remember but which probably would be easier for a malefactor to crack. You might want to assign passwords, which is more secure in theory but increases the likelihood that users will write them down on a conveniently located scrap of paper — a risk if many people have access to the area where the machine(s) is located. You might decide that users must change their passwords periodically — something you can configure Red Hat Enterprise Linux to prompt users about.
What happens to old accounts? Suppose that someone leaves the company. You probably don’t want that person to gain access to the company’s network, but you also don’t want to delete the account wholesale, only to discover later that essential data resided nowhere else.
To what may specific users have access? It might be that there are aspects of your business that make Web access desirable, but you don’t want everyone spending their working hours surfing the Web. If your system is at home, you may wish to limit your children’s access to certain Web sites.
These and other issues are part of the system administrator’s duties in managing user accounts. Whether the administrator or his or her employer establishes policies governing accounts, these policies should be delineated — preferably in writing for a company — for the protection of all concerned.
Backing Up and Restoring Files
Until computer equipment becomes infallible, until people lose the desire to harm others’ property, and — truth be told — until system administrators become perfect, there is considerable need to back up important files so that the system can be up and running again with minimal disruption in the event of hardware, security, or administration failure. Only the system administrator may do this. (Because of its built-in security features, Linux doesn’t allow even users to back up their own files to removable disks.)
It’s not enough to know that performing backups is your job. You need to formulate a strategy for making sure your system is not vulnerable to catastrophic disruption. This is not always obvious. If you have a high-capacity tape drive and several good sets of restore disks, you might make a full system backup every few days. If you are managing a system with scores of users, you might find it more sensible to back up user accounts and system configuration files, figuring that reinstallation from the distribution CDs would be quicker and easier than getting the basics off a tape archive. (Don’t forget about applications you install separately from your Red Hat distribution, especially those involving heavy customization.)
Once you decide what to back up, you need to decide how frequently to perform backups, whether to maintain a series of incremental backups — adding only files that have changed since the last backup — or multiple full backups, and when these backups should be performed. Do you trust an automated, unattended process? If you help determine which equipment to use, do you go with a redundant array of independent disks (RAID), which is to say multiple hard drives all containing the same data as insurance against the failure of any one of them, in addition to other backup systems? (A RAID is not enough because hard drive failure is not the only means by which a system can be brought to a halt.)
You don’t want to become complacent or foster a lackadaisical attitude among users. Part of your strategy should be to maintain perfect backups without ever needing to resort to them. This means encouraging users to keep multiple copies of their important files in their home directories so that you won’t be asked to mount a backup to restore a file that a user corrupted. (If your system is a standalone one then, as your own system administrator, you should make a habit of backing up your configuration and other important files.)
Restoring files from your backup media is no less important than backing them up in the first place. Be certain you can restore your files if the need arises by testing your restore process at least once during a noncritical time. Periodically testing your backup media is also a good idea.
Chances are good that even if you work for a company, you’ll be the one making these decisions. Your boss just wants a system that runs perfectly, all the time. Backing up is only part of the story, however. You need to formulate a plan for bringing the system back up after a failure. A system failure could be caused by any number of problems, either related to hardware or software (application, system configuration) trouble, and could range from a minor inconvenience to complete shutdown.